This week's book giveaway is in the NodeJS forum.
We're giving away four copies of Serverless Applications with Node.js and have Slobodan Stojanovic & Aleksandar Simovic on-line!
See this thread for details.
Win a copy of Serverless Applications with Node.js this week in the NodeJS forum!

Michael Mendelson

Ranch Hand
+ Follow
since Dec 19, 2000
Cows and Likes
Total received
In last 30 days
Total given
Total received
Received in last 30 days
Total given
Given in last 30 days
Forums and Threads
Scavenger Hunt
expand Ranch Hand Scavenger Hunt
expand Greenhorn Scavenger Hunt

Recent posts by Michael Mendelson

Unfortunately this was a long time ago and I don't work in the Tomcat environment any more. To make matters worse, I don't even have that source code. I'll tell you what I remember:

I was created a Tomcat Realm, so that I could custom-configure my security settings in the server.xml file. The mbeans-descriptors.xml file defines that inerface. What I did was to take the out-of-the-box mbeans-descriptors.xml and adding my class to it. Because my class was an extension of the Realm class, I took the descriptor for the Realm, extended it, and added a new entry.

Then it was a matter of where to put the class so that tomcat would "see" it, and pick it up BEFORE the original mbeans-descriptors.xml.

I did that as described above.

Good luck, and sorry I don't have more details...
14 years ago
Well, seems I had a fundamental misunderstanding of how the class works - a basic shortcoming of Java api documents, I always think -- anyway, I dug up the following on the web, and will try this approach.
Your comments are always appreciated.
A keyed digest is one in which a secret key is used to create a digest for a buffer of bytes. You can use different keys to create different digests for the same buffer of bytes.

oh yes, here's the credit for the above code:
[ March 26, 2003: Message edited by: Michael Mendelson ]
16 years ago
Alain is correct, of course. You'll need to do a lookup using the SessionID - this can be done in some persistent class on the server side - like a Valve or a Servlet.
16 years ago
I need to encrypt a string using MD5 encryption, in order for my ecommerce site to communicate with a credit card company (
Annoyingly, they had no sample code in Java, but did have some in php (and perl, and asp - the bums). Here is the crucial line:

The question - The above php function uses a key - a string - to encrypt its data. In the java MessageDigest I could find no such equivalent.
Does anyone know of a way to do this? What am I missing here?
Thanks all.
16 years ago
Hello all,
I would like to use my apache/httpd error page for certain tomcat errors as well (e.g. 404). In the web.xml file though, the directive...

...routes me to http://localhost/projectname/error/404.html.
How would I route to an error page location that's external to the project?
I'm using Apache 1.3.23 and Tomcat 4.1.18 (and mod_jk to route requests to tomcat), if it matters.
16 years ago
Tomcat won't serve asp. Asp is a Microsoft language, and hence will only run on their servers.
Tomcat will serve html though. You don't need any additional setup for that.
If you need to run both java and asp, you'll need to run IIS and have it pass all servlet/jsp requests to Tomcat.
16 years ago
Attention Tomcat 4.1 Gurus!
I was writing a Realm (a customized authenticator class), and ran into an exception when implementing. It seems that Tomcat 4.1 uses an entity called Managed Beans to communicate between the "managed objects" mentioned in server.xml.
The only way I could figure out to get rid of this exception (which occurs at startup):

...was to modify an xml file burried deep in the Catalina code.
I would prefer this not to be part of my implementation, so I'm wondering if there's a more elegant way to set these objects up? Why is this xml file so hidden?
More details in my response to
this post.
I unearthed very few resources on the implementation of these objects in Tomcat, save the JSR-77 Specification (which doesn't discuss the Tomcat implementation).
Thanks, all.
16 years ago
Hey mon, check out
...although why would you want to run that version? It's pretty old. Well, you probably have a good reason.
16 years ago
Adam, have you solved this problem? I can't give you a solution but can provide more information.
Evidently there's a ManagedBean set up for each "managed object" in Catalina (e.g. Valves, Realms, etc.). See
I ran into this issue when setting up a new Realm. Evidently all the information listed on the page referenced above comes from an xml file located at org\apache\catalina\mbeans\mbeans-descriptors.xml. (I found it by following that stack trace. It's read by org\apache\catalina\mbeans\, if you have the source.)
What I did was to modify this file, and save it as TOMCAT_HOME\server\classes\org\apache\catalina\mbeans\mbeans-descriptors.xml, so it gets "found" in the classpath before the one in catalina.jar.
I just modeled my entry on a similar class.
My hunch is that this is used to define/pass parameters from server.xml and web.xml. However, there must be a more elegant way to handle this!
It was certainly not an issue in 4.0. :roll:
16 years ago
OK, here's my latest take on it:
Valves/filters may be used for authentication, but Realms seem to be designed for it.
Valves/filters are newer than Realms, and are a bit more flexible. For example, you can use them for post-processing (AFTER the page executes).
My suggestion (if you can be flexible and just needs something simple) is to use the JDBCRealm that's "out of the box."
It's sort of a confusing issue because there's a lot of overlap in functionality.
If you're interested in understanding Valves a little better, my suggestion is to take a look at RequestFilterValve (and its subclasses, RemoteAddrValve and RemoteHostValve). These are pre-written filters whose use is explained at They give you an example of how filters work, BUT the problem I have with them is that they rely on information in the server.xml file. Changing it will require a re-start, which might be inappropriate in a production environment.
[ December 25, 2002: Message edited by: Michael Mendelson ]
16 years ago
Chris is right. A servlet cannot do this, since the client's browser itself controls whether another a link appears in a new window.
The best you can do is to use Javascript.
16 years ago
I'm implementing authentication as a Valve, and was hoping to have access to the HttpSession, so I can pass Attributes to the jsp. That would be really powerful. So I devised this code as a test:

It seemed that no matter where I located the Valve tag in server.xml, the HttpSession came back null.
Does anyone know - Is it possible to access the session information at this level? How?
16 years ago
Bill, this is probably not what you wanted to hear, but I once tried getting them to work together and found it nothing less than a nightmare. It seemed that on one box everything worked fine, as directed etc.
On the other box, everything SEEMED to go well (complete with the green arrow) but did not. I tried everything, and finally switched servers! It turns out that Apache has a windows version that works fine, which I am using until I can get all of my apps migrated over to a Linux box.
16 years ago

But, why my little Hello.jsp in the ...\webapps\Root directory gives me error-404 when I typed http://localhost:8080/Hello.jsp in the IE address bar?

Well, 404 means "not found". Offhand check the server.xml. Check the directory and make sure that the jsp landed in the same directory as the default Tomcat index file.
Is the capitalization of your directories and the jsp file consistent with the url? Even if you're working on a windows platform, it could matter.
It's really hard to tell. Try approaching the problem as I suggested earlier, and eventually I have a feeling you'll stumble upon the answer you seek.
16 years ago
That's funny, Cindy. We're letting my 6-year-old girl invite over 6 (also 6-year-old) friends for a sleepover.
Can't wait.
16 years ago